This commit uses the previously defined SELinux label to transition
from the openvswitch_t domain to the openvswitch_load_module_t domain,
by way of a specially labelled ovs-kmod-ctl helper.

Signed-off-by: Aaron Conole <acon...@redhat.com>
---
 selinux/.gitignore               | 4 ++++
 selinux/automake.mk              | 3 ++-
 selinux/openvswitch-custom.fc.in | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 selinux/openvswitch-custom.fc.in

diff --git a/selinux/.gitignore b/selinux/.gitignore
index 83a0afb51..64e834cd1 100644
--- a/selinux/.gitignore
+++ b/selinux/.gitignore
@@ -1 +1,5 @@
 openvswitch-custom.te
+openvswitch-custom.fc
+openvswitch-custom.pp
+openvswitch-custom.if
+tmp/
diff --git a/selinux/automake.mk b/selinux/automake.mk
index b37e8f337..c7dfe6ed5 100644
--- a/selinux/automake.mk
+++ b/selinux/automake.mk
@@ -6,11 +6,12 @@
 # without warranty of any kind.
 
 EXTRA_DIST += \
+        selinux/openvswitch-custom.fc.in \
         selinux/openvswitch-custom.te.in
 
 PHONY: selinux-policy
 
-selinux-policy: selinux/openvswitch-custom.te
+selinux-policy: selinux/openvswitch-custom.te selinux/openvswitch-custom.fc
        $(MAKE) -C selinux/ -f /usr/share/selinux/devel/Makefile
 
 CLEANFILES += \
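Review bot: The new prerequisite `selinux/openvswitch-custom.fc` on `selinux-policy` has no generating rule or cleanup entry in this hunk, and the diffstat shows no other change to automake.mk. Presumably a generic `.in` substitution rule elsewhere produces it from `openvswitch-custom.fc.in` with `@pkgdatadir@` expanded; that is worth confirming, because a stale or wrongly expanded .fc would leave the helper without the file context that drives the domain transition. The `CLEANFILES` list continues past the end of the hunk; if it does not already contain the generated file, add `selinux/openvswitch-custom.fc \`. Separately, the context line `PHONY: selinux-policy` declares an ordinary target named PHONY, so `.PHONY: selinux-policy` is probably what was meant.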
diff --git a/selinux/openvswitch-custom.fc.in b/selinux/openvswitch-custom.fc.in
new file mode 100644
index 000000000..c2756d04b
--- /dev/null
+++ b/selinux/openvswitch-custom.fc.in
@@ -0,0 +1 @@
+@pkgdatadir@/scripts/ovs-kmod-ctl -- 
gen_context(system_u:object_r:openvswitch_load_module_exec_t,s0)
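Review bot: This single entry makes `@pkgdatadir@/scripts/ovs-kmod-ctl` the entry point to what is, judging by its name, a domain permitted to load kernel modules, yet nothing in the file documents that or ties the path to the install location. The label is only correct if the policy is built with the same `pkgdatadir` as the installed package and the helper is relabelled (for example with `restorecon`) after the policy module is loaded; otherwise the file keeps its default type and the transition does not occur. I would add a comment above the entry, `# Entry point for openvswitch_t -> openvswitch_load_module_t; path must match the installed ovs-kmod-ctl.`, and have packaging relabel the helper. Because the path field is a regular expression, any metacharacters in the expanded prefix would need escaping so the label cannot match unintended files.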
-- 
2.14.3
